I'm trying to get started in Ethical Hacking/forensics, and wondered that burning question....... how what and where do I get started???? I have downloaded quite a bit of literature and am after a good starting point.

Well, you've come to the right place. If you wanna get started, get reading, since you said you downloaded literature. The best advice I can give you, since you said you wondered about the burning question...

Find out: What is Ethical Hacking? What is Forensics, and how does it encompass IT?

Ponder on the result. Then after careful consideration (more than five minutes) ask yourself if you think this is gonna be the path that you will follow for the rest of your life. It does sound like forever and well yes it is. Both these branches involve daily research, and cannot be learned by just studying a manual; you'll learn as you go, that's how I do it.

Many people think security is all fun and games, believe me it is, that is if you are cut out for it. If your passion is here, then despite the hours studying/ researching, besides the deadlines which may somehow manage to be completed in the nick of time, and of course the higher ups breathing down your neck, it will never seem boring and frustrating.

I may not have the certs but I have the heart and this is what has kept me in IT security for so long.

I think I'm straying, but to make a long story short, the questions above are the most important thing to do if you want a good starting point.

If after careful consideration, this is the place for you, start reading the manuals, then come back and let the community know your progress and problems. This is one of the forums where beginners to elites feel comfortable, so let your questions rip (with hard research done before though).

TCP/IP Illustrated Vol 1 by Richard W. Stevens. If this is not on your bookshelf it should be.

Remember that pentesting is about gaining access to critical data, not critical systems. Getting a shell on a box is cool but that's not the goal. If an attacker can sniff network traffic to get what he needs why bother to try for access to the server. Far easier to intercept traffic to the printer and recreate the files. So that is why I strongly recommend the above book. The better you understand the underlying protocols the easier everything else becomes.

The same applies to forensics. File system forensics is getting harder and harder and so the network is where your forensic data is being gathered more and more often.

If you are really motivated to be in the security field, then I suggest you read Fyodor's interview published on Slashdot. Refer to the 4th question and his answer to it. If his answer really motivates you to be "THE ONE", then no one can stop you.

Why is it when someone asks where to get started they are always given the same BS answer of learn your TCP/IP protocols. Sorry but it's just not true and I see it as a smoke screen. It reminds me of the Karate Kid that has to do wax on, wax off before really learning Karate. Give me one real example of simply knowing that or the OSI model teaches you how to hack. The reality is you can do some very effective hacking without understanding much theory at all and it's done every single day on the net. People can run programs without understanding programming.

If you want to get a good start, download some of the common tools and start working with them. Start with nmap and scan your own network or DL some VMware and install a free Linux distro and scan it. Get a sniffer and see if you capture data on your network. Work with the tools on your own network and that's your first start. Or you can just eat up time reading about what the layer 2 protocol is supposed to do.

Last edited by EmanoN on Wed Nov 21, 2007 9:24 pm, edited 1 time in total.

EmanoN wrote: Why is it when someone asks where to get started they are always given the same BS answer of learn your TCP/IP protocols. ...

I started to give my long answer to this question, but it's just not worth it.

if you think running nmap, nessus and metasploit and even getting a shell makes someone a hacker or even a shitty network admin you've got a long way to go...

Ironically you tell them in your first steps "anyone can do it" stuff to get a sniffer and capture data and run nmap; if you don't know TCP/IP what good is that going to do? How do you understand why a SYN scan may return different results than a CONNECT scan or even what the differences between the two are? How do they understand what an open or closed port on 21, 23, 80, 443, etc. means? As for layer 2, explain to them why an ARP ping won't work outside of their network without them understanding the differences between layers 2-4. How do they set up the little VMware network if they don't know networking? In fact, all the stuff you listed REQUIRES TCP/IP knowledge, except for maybe just randomly running tools at IPs.

Last edited by LSOChris on Thu Nov 22, 2007 12:33 am, edited 1 time in total.

Here is another scenario for you, EmanoN. The original poster mentioned forensics; you had better know your protocols damn well today if you want to do forensics for a living. If you think that using Wireshark to do all your protocol decodes for you is going to be sufficient, you really need to buy that book yourself. It is trivially easy to script a telnet/ftp-like app for covert (not encrypted) communications and have the traffic 'encoded' so that when it displays in Wireshark it looks like garbage. Simply prepending a byte to the IP header will do this for you. Unless you know how to read the raw packet you will never figure that out.

Do you know what byte to look at to determine the IP version and header length? Do you know the byte to look at to determine the protocol in use? A simple shift of the byte locations will confuse wireshark.

From a pentesting perspective knowing how to read a packet capture is essential. From simply looking for data in plain text protocols to traffic patterns for mapping the network and most used devices. I've said this before but it apparently requires repeating: pentesting is about gaining access to critical data, not dropping a shell on a box.

The reality is you can do some very effective hacking without understanding much theory at all and its done every single day on the net. People can run programs without understanding programing.

I see comments like these and my first thought is 'Job Security' but then I realize that I'm gonna have to do all the work myself for my clients as it is doubtful that anyone who follows that advice will make it through the first questions in an interview with me. The reality is that I can train a chimp to click on a button but I need people who can think and have a passion for what they do.

One last thing, you might want to take some time and look up what the original meaning of the word "hacker" actually was. You will find that it was used to describe people with a desire and a passion to learn as much as possible about a given topic and to push the boundaries of their environments.
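To make the "read the raw packet" point concrete, here is an added Python example (not code from anyone in this thread) that decodes exactly the IPv4 header fields mentioned above: the version and header length in the high and low nibbles of byte 0, the protocol in byte 9, and the header checksum. It then shows the forensic side of the prepended-byte scenario: a decoder that validates version, IHL and checksum rejects the shifted bytes as garbage, and a small resync loop finds the offset at which a plausible header actually begins. The header bytes are constructed inline as sample data (addresses 10.0.0.1 and 10.0.0.2 are arbitrary), not taken from any capture.

```python
import socket
import struct
from typing import Optional


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over the IPv4 header (RFC 791).
    Over a header whose checksum field is already filled in, a valid header yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, proto: int = 6, payload_len: int = 20) -> bytes:
    """Constructed sample header (20 bytes, no options) with a correct checksum."""
    ver_ihl = (4 << 4) | 5                   # version 4, IHL 5 words = 20 bytes
    total_len = 20 + payload_len
    hdr = struct.pack("!BBHHHBBH4s4s",
                      ver_ihl, 0, total_len, 0x1234, 0x4000,  # id and DF flag are arbitrary
                      64, proto, 0,                           # TTL, protocol, checksum placeholder
                      socket.inet_aton(src), socket.inet_aton(dst))
    csum = ipv4_checksum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


def parse_ipv4_header(data: bytes) -> Optional[dict]:
    """Decode the fields the thread talks about; return None if the bytes are not a plausible header."""
    if len(data) < 20:
        return None
    version = data[0] >> 4                   # high nibble of byte 0
    ihl = (data[0] & 0x0F) * 4               # low nibble of byte 0, in 32-bit words
    if version != 4 or ihl < 20 or len(data) < ihl:
        return None
    if ipv4_checksum(data[:ihl]) != 0:       # shifted or corrupted headers fail here
        return None
    total_len = struct.unpack("!H", data[2:4])[0]
    return {
        "version": version,
        "ihl": ihl,
        "total_len": total_len,
        "proto": data[9],                    # byte 9 is the protocol field (6 = TCP, 17 = UDP)
        "src": socket.inet_ntoa(data[12:16]),
        "dst": socket.inet_ntoa(data[16:20]),
    }


def find_header_offset(data: bytes, max_shift: int = 8) -> Optional[int]:
    """Resync a 'looks like garbage' blob: try small prefix offsets until a valid header appears."""
    for off in range(max_shift + 1):
        if parse_ipv4_header(data[off:]) is not None:
            return off
    return None


if __name__ == "__main__":
    good = build_ipv4_header("10.0.0.1", "10.0.0.2")
    print("clean header:", parse_ipv4_header(good))
    shifted = b"\x45" + good                 # one junk byte prepended, as described in the thread
    print("shifted header decodes as:", parse_ipv4_header(shifted))
    print("real header starts at offset:", find_header_offset(shifted))
```

Walking the checksum by hand over the constructed header is a useful exercise: the ten 16-bit words sum to 0xEB65, so the checksum field is 0x149A, and re-summing with that field in place gives 0xFFFF, whose complement is 0. Prepend a single byte and every word boundary moves, so the same arithmetic no longer comes out to zero, which is the cheap, protocol-level tell a decoder can use before trusting anything a higher-layer dissector shows.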

That’s really good. You made my point better than I could. What you are describing is the importance of understanding the output of tools, which really has more to do with understanding the particulars of that tool. While it may be interesting to understand that an nmap –sS doesn’t complete the 3-way handshake in TCP/IP, what really matters is the results it gives me and what do I do to that particular tool if I am not getting any results I seek. What options would I add? Yes it's true the tools I mentioned anyone can learn, just like anyone can learn TCP/IP. Not sure what that has to do with it. What takes time is learning all the aspects of a tool and how to customize if need be. That translates into working with each tool as much as possible and in every possible situation. Understanding TCP/IP is more crucial if you are writing your own tools. About 30% of the tools and exploits I run were written by me, but could easily be used by anyone with a little instruction on the particulars of that tool, which has nothing to do with memorizing the 7 layers of the OSI model. If learning all the theory of every protocol makes hacking more interesting to you, that’s fine. Just don’t tell people that want to learn hacking it’s the crucial place to start. It's just not true. Get going with the common tools and start getting experience. The more experience you get under your belt, the sooner you will no longer be a noob. The original meaning of the term "hacker" has nothing to do with what you posted. It had to do with individuals that would "hack" hardware to change it to do something different from what it was intended. Later the press used it for people that would break into computers. Do you guys really understand what hacking is all about or are you more just bogged down theoretical security guys wearing your little suits and ties? Oh and Dean, I did go look up the term hacker and guess what? There was a picture of me there, Ha Ha!

Last edited by EmanoN on Thu Nov 22, 2007 10:58 am, edited 1 time in total.

The original meaning of the term "hacker" has nothing to do with what you posted. It had to do with individuals that would "hack" hardware to change it to do something different from what it was intended.

it was used to describe people with a desire and a passion to learn as much as possible about a given topic and to push the boundaries of their environments.

Seems to make the same point, doesn't it?

Also, if you are going to troll the forums and try to elicit responses from everyone you might want to make the attempt, when picking your viewpoint, to at least back it up with some facts. This goes for the other threads too.

Oh and Dean, I did go look up the term hacker and guess what? There was a picture of me there, Ha Ha!